SHA256: 098c5a6d4c9e0926c054fc7ca79f67e6de7bf8f41245ed1063fea48575bb377d
File name: DECRYPTED
Detection ratio: 30 / 48
Analysis date: 2013-11-28 18:29:23 UTC ( 4 months, 2 weeks ago )
Antivirus | Result | Update
AVG | PSW.Generic11.CLGF | 20131128
Ad-Aware | Gen:Variant.Kazy.252581 | 20131128
AhnLab-V3 | Backdoor/Win32.Agent | 20131128
AntiVir | TR/Spy.Gen | 20131128
Antiy-AVL | Backdoor/Win32.NetWiredRC | 20131128
Avast | MacOS:Wirenet-A [Trj] | 20131128
BitDefender | Gen:Variant.Kazy.252581 | 20131128
Bkav | W32.KaniatI.Trojan | 20131128
DrWeb | Trojan.PWS.Multi.1182 | 20131128
ESET-NOD32 | Win32/Spy.Agent.NYU | 20131128
Emsisoft | Gen:Variant.Kazy.252581 (B) | 20131128
F-Secure | Gen:Variant.Kazy.252581 | 20131128
Fortinet | W32/Agent.NYU!tr | 20131128
GData | Gen:Variant.Kazy.252581 | 20131128
Ikarus | Backdoor.Win32.NetWiredRC | 20131128
Jiangmin | Backdoor/Agent.dssr | 20131128
K7AntiVirus | Riskware ( 0040eff71 ) | 20131128
K7GW | Riskware ( 0040eff71 ) | 20131128
Kaspersky | Backdoor.Win32.NetWiredRC.i | 20131128
Kingsoft | Win32.Troj.Generic.a.(kcloud) | 20130829
Malwarebytes | Spyware.Password | 20131128
MicroWorld-eScan | Gen:Variant.Kazy.252581 | 20131128
Microsoft | Backdoor:Win32/NetWiredRC.B | 20131128
Norman | NetWiredRC.A | 20131128
Panda | Generic Malware | 20131128
SUPERAntiSpyware | Trojan.Agent/Gen-Urausy | 20131127
TheHacker | Trojan/Spy.Agent.nyu | 20131128
VBA32 | Backdoor.Agent | 20131128
VIPRE | Trojan.Win32.Nyu.tr (v) | 20131128
nProtect | Backdoor/W32.NetWiredRC.70656 | 20131128

No detection (18 engines; the date is the signature set in use):
Agnitum | - | 20131127
Baidu-International | - | 20131128
ByteHero | - | 20131127
CAT-QuickHeal | - | 20131128
ClamAV | - | 20131128
Commtouch | - | 20131128
Comodo | - | 20131128
F-Prot | - | 20131128
McAfee | - | 20131128
McAfee-GW-Edition | - | 20131128
NANO-Antivirus | - | 20131128
Rising | - | 20131128
Sophos | - | 20131128
Symantec | - | 20131128
TotalDefense | - | 20131128
TrendMicro | - | 20131128
TrendMicro-HouseCall | - | 20131128
ViRobot | - | 20131128

Reading the ratio: the six engines that name a family (Antiy-AVL, Ikarus, Kaspersky, Microsoft, Norman, nProtect) agree on NetWiredRC, the NetWire remote-access tool, and Avast's MacOS:Wirenet-A is the same family's name for its cross-platform builds. The other verdicts (Kazy, Spy.Gen, Agent.NYU, Riskware, Generic Malware) are generic or heuristic signatures and carry no family information, so the consistent family naming is stronger evidence than the raw 30/48 count.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-30 18:56:45 UTC (the PE TimeDateStamp; the ExifTool section below shows the same instant as 19:56:45+01:00)
Entry Point 0x00001FEC
Number of sections 4
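The fields above (machine, section count, compile timestamp, entry point, and the subsystem and version fields repeated in the ExifTool section) are all read from fixed offsets in the COFF and optional headers. The following reader is an added example, not VirusTotal's code; since no sample is shipped with this report, build_sample_header() constructs a minimal synthetic header carrying the report's values so the parser can be run offline.

```python
"""Minimal PE header reader reproducing the 'PE header basic information' fields.

Added example, not VirusTotal's code. build_sample_header() constructs a header
from the values printed in the report; no real sample is read.
"""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x14C: "Intel 386 or later processors and compatible processors",
                 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PE32, PE32_PLUS = 0x10B, 0x20B


def parse_pe_header(data: bytes) -> dict:
    """Walk MZ -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    coff = e_lfanew + 4
    (machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _characteristics) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short to contain Subsystem")
    (magic, maj_linker, min_linker, size_code, size_idata, size_udata,
     entry_point) = struct.unpack_from("<HBBIIII", data, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # The version fields sit at +40 and Subsystem at +68 in both PE32 and PE32+.
    (maj_os, min_os, maj_img, min_img,
     maj_sub, min_sub) = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": MACHINE_NAMES.get(machine, f"0x{machine:04x}"),
        "sections": nsections,
        # TimeDateStamp is seconds since the Unix epoch, UTC.
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "pe_type": "PE32" if magic == PE32 else "PE32+",
        "linker_version": f"{maj_linker}.{min_linker}",
        "code_size": size_code,
        "initialized_data_size": size_idata,
        "uninitialized_data_size": size_udata,
        "os_version": f"{maj_os}.{min_os}",
        "image_version": f"{maj_img}.{min_img}",
        "subsystem_version": f"{maj_sub}.{min_sub}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def build_sample_header() -> bytes:
    """Constructed header with the report's values; 1377889005 is 2013-08-30 18:56:45 UTC.
    ImageBase, alignments and sizes not given in the report are placeholder values."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    optional = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        PE32, 2, 23,               # Magic, LinkerVersion 2.23
        59392, 10240, 15360,       # SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData
        0x1FEC, 0x1000, 0x10000,   # AddressOfEntryPoint, BaseOfCode, BaseOfData (placeholders)
        0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment (placeholders)
        4, 0, 1, 0, 4, 0,          # OSVersion 4.0, ImageVersion 1.0, SubsystemVersion 4.0
        0, 0x20000, 0x400, 0,      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0,                      # Subsystem = Windows GUI, DllCharacteristics
    )
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 1377889005, 0, 0, len(optional), 0x010F)
    return dos + b"PE\0\0" + coff + optional


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key:26} {value}")
```

Against a real file, replace build_sample_header() with open(path, "rb").read(); the reader deliberately stops at the fixed header fields and does not trust SizeOfOptionalHeader beyond the Subsystem offset it needs.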
PE sections
PE imports
Grouped by exporting DLL. The report lists only the function names; the DLL names are inferred from them, and the note after each DLL is the triage reading of that group, not part of the original listing.

advapi32.dll (registry create/set/delete for persistence, registry enumeration, CryptoAPI hashing, user name):
RegDeleteKeyA
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
RegSetValueExA
CryptGetHashParam
RegQueryValueExA
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
CryptDestroyHash
CryptCreateHash

crypt32.dll (DPAPI; CryptUnprotectData is what decrypts credentials that browsers and mail clients store under the user's DPAPI key):
CryptUnprotectData

gdi32.dll (screen capture: compatible DC and bitmap, BitBlt copy, GetDIBits pixel readout):
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap

kernel32.dll (process enumeration via Toolhelp, child process with piped I/O, drive and file enumeration, mutex, dynamic API resolution):
CreateToolhelp32Snapshot
PeekNamedPipe
GetLastError
HeapFree
EnterCriticalSection
ReadFile
Process32First
FileTimeToSystemTime
GetFileAttributesA
GetDriveTypeA
HeapAlloc
ExitProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
CreatePipe
GetStartupInfoA
GetCurrentProcessId
OpenProcess
CreateDirectoryA
DeleteFileA
ReleaseMutex
SetErrorMode
Process32Next
GetCommandLineA
GetProcAddress
GetSystemInfo
GetProcessHeap
CreateMutexA
SetFilePointer
FindFirstFileA
WriteFile
CloseHandle
GetComputerNameA
FindNextFileA
FreeLibrary
LocalFree
MoveFileA
TerminateProcess
ResumeThread
CreateProcessA
GetLogicalDriveStringsA
InitializeCriticalSection
FindClose
Sleep
GetTickCount
GetFileAttributesExA
CreateFileA
GetProcessTimes
LeaveCriticalSection

shell32.dll (special-folder lookup, launching files):
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32.dll (keystroke capture through GetKeyState/GetKeyboardState/ToAscii/GetKeyNameTextA, synthetic input through keybd_event/mouse_event/SetCursorPos, window enumeration and a hidden message-loop window):
GetMessageA
MapVirtualKeyA
GetForegroundWindow
EnumWindows
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
GetSystemMetrics
DispatchMessageA
TranslateMessage
GetDC
RegisterClassExA
ReleaseDC
SetWindowTextA
GetKeyNameTextA
mouse_event
IsWindowVisible
SendMessageA
ToAscii
SetCursorPos
CreateWindowExA
GetKeyboardState
GetDesktopWindow
GetWindowTextA
GetKeyState

winmm.dll (microphone capture through the waveIn API):
waveInOpen
waveInPrepareHeader
waveInGetDevCapsA
waveInAddBuffer
waveInClose
waveInUnprepareHeader
waveInStop
waveInStart
waveInGetNumDevs

ws2_32.dll (outbound TCP client: socket, connect, send, recv, select):
__WSAFDIsSet
gethostname
socket
setsockopt
recv
send
WSACleanup
WSAStartup
gethostbyname
select
ioctlsocket
WSAGetLastError
shutdown
ntohs
htons
closesocket
WSAIoctl
connect

msvcrt.dll (C runtime):
getenv
_vsnprintf
time
fwrite
_vscprintf
fgetpos
fclose
malloc
free
fsetpos
fread
_filelengthi64
_beginthreadex
sprintf
realloc
fgets
fflush
fopen
strlen

Because LoadLibraryA and GetProcAddress are imported, this static table is a lower bound on the APIs the sample uses: anything resolved at run time will not appear here.
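The import list is most useful read as conjunctions: a keylogger needs keyboard-state and translation APIs together, a screenshot routine needs a compatible bitmap plus BitBlt plus GetDIBits, and so on. The script below is an added example (not VirusTotal's or the sample author's code) that runs such conjunctive rules over the import names copied from this report; the rule names and API sets are this example's own choices, not an official taxonomy, and the run-time-resolution check encodes the caveat that a table containing LoadLibraryA/GetProcAddress is incomplete by construction.

```python
"""Import-table capability triage for the function list above.

Added example, not VirusTotal's or the malware author's code. REPORT_IMPORTS is
copied from the report's PE imports section. CAPABILITY_RULES are this example's
own conjunctions (in the spirit of capability-matching tools), not a standard.
"""

REPORT_IMPORTS = frozenset("""
RegDeleteKeyA CryptReleaseContext RegCloseKey CryptAcquireContextA RegSetValueExA CryptGetHashParam RegQueryValueExA GetUserNameA
RegDeleteValueA RegCreateKeyExA RegOpenKeyExA CryptHashData RegEnumKeyExA CryptDestroyHash CryptCreateHash CryptUnprotectData
DeleteDC SelectObject GetDIBits BitBlt CreateCompatibleDC DeleteObject CreateCompatibleBitmap
CreateToolhelp32Snapshot PeekNamedPipe GetLastError HeapFree EnterCriticalSection ReadFile Process32First FileTimeToSystemTime
GetFileAttributesA GetDriveTypeA HeapAlloc ExitProcess GetVersionExA GetModuleFileNameA LoadLibraryA GetLocalTime CreatePipe
GetStartupInfoA GetCurrentProcessId OpenProcess CreateDirectoryA DeleteFileA ReleaseMutex SetErrorMode Process32Next
GetCommandLineA GetProcAddress GetSystemInfo GetProcessHeap CreateMutexA SetFilePointer FindFirstFileA WriteFile CloseHandle
GetComputerNameA FindNextFileA FreeLibrary LocalFree MoveFileA TerminateProcess ResumeThread CreateProcessA
GetLogicalDriveStringsA InitializeCriticalSection FindClose Sleep GetTickCount GetFileAttributesExA CreateFileA GetProcessTimes
LeaveCriticalSection SHGetPathFromIDListA SHGetSpecialFolderLocation ShellExecuteA
GetMessageA MapVirtualKeyA GetForegroundWindow EnumWindows keybd_event PostQuitMessage DefWindowProcA ShowWindow
GetSystemMetrics DispatchMessageA TranslateMessage GetDC RegisterClassExA ReleaseDC SetWindowTextA GetKeyNameTextA
mouse_event IsWindowVisible SendMessageA ToAscii SetCursorPos CreateWindowExA GetKeyboardState GetDesktopWindow
GetWindowTextA GetKeyState
waveInOpen waveInPrepareHeader waveInGetDevCapsA waveInAddBuffer waveInClose waveInUnprepareHeader waveInStop waveInStart waveInGetNumDevs
__WSAFDIsSet gethostname socket setsockopt recv send WSACleanup WSAStartup gethostbyname select ioctlsocket WSAGetLastError
shutdown ntohs htons closesocket WSAIoctl connect
getenv _vsnprintf time fwrite _vscprintf fgetpos fclose malloc free fsetpos fread _filelengthi64 _beginthreadex sprintf
realloc fgets fflush fopen strlen
""".split())

# A rule fires only when every listed API is imported. Most rules need several APIs
# because any one of them is common in benign software; CryptUnprotectData is
# specific enough on its own.
CAPABILITY_RULES = {
    "keylogging": {"GetKeyState", "GetKeyboardState", "ToAscii", "GetForegroundWindow"},
    "screenshot capture": {"CreateCompatibleDC", "CreateCompatibleBitmap", "BitBlt", "GetDIBits"},
    "microphone capture": {"waveInOpen", "waveInAddBuffer", "waveInStart"},
    "DPAPI credential decryption": {"CryptUnprotectData"},
    "TCP client networking": {"WSAStartup", "socket", "connect", "send", "recv"},
    "remote shell over pipes": {"CreatePipe", "CreateProcessA", "PeekNamedPipe", "send", "recv"},
    "registry persistence": {"RegCreateKeyExA", "RegSetValueExA"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "synthetic input (remote control)": {"keybd_event", "mouse_event", "SetCursorPos"},
    "drive and file enumeration": {"GetLogicalDriveStringsA", "FindFirstFileA", "FindNextFileA"},
}


def triage(imports) -> dict:
    """Return {capability: sorted evidence APIs} for every rule fully satisfied."""
    present = set(imports)
    return {name: sorted(apis) for name, apis in CAPABILITY_RULES.items() if apis <= present}


def may_resolve_apis_at_runtime(imports) -> bool:
    """True when the static import table cannot be trusted to be complete."""
    present = set(imports)
    return "GetProcAddress" in present and bool({"LoadLibraryA", "LoadLibraryW"} & present)


def summarize(imports) -> list:
    """Human-readable lines; the caveat is part of the verdict, not an afterthought."""
    lines = [f"{name}: {', '.join(apis)}" for name, apis in triage(imports).items()]
    if may_resolve_apis_at_runtime(imports):
        lines.append("note: LoadLibrary/GetProcAddress imported, static table is a lower bound")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(REPORT_IMPORTS)))
```

On this import set every rule fires, which is the profile of a full remote-access tool rather than of any one spyware component; the same function applied to a set that only opens a socket returns nothing, which is the point of requiring conjunctions.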
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:08:30 19:56:45+01:00
FileType Win32 EXE
PEType PE32
CodeSize 59392
LinkerVersion 2.23
EntryPoint 0x1fec
InitializedDataSize 10240
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 15360
File identification
MD5 224c73f8172123e5ddca2302425664a6
SHA1 58c077bc129a792b09d01e7f2afe079c628254a8
SHA256 098c5a6d4c9e0926c054fc7ca79f67e6de7bf8f41245ed1063fea48575bb377d
ssdeep 1536:hdY9t6c6HnAUDy34Srzyfzt3ycjPsfxjy+AX8dj+D9ewuP:hdYn6rHAd4Svyrt3vLsf1y+AX8dj+pc
File size 69.0 KB ( 70656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (64.5%)
     Win32 Dynamic Link Library (generic) (13.5%)
     Win32 Executable (generic) (9.3%)
     Win16/32 Executable Delphi generic (4.2%)
     Generic Win/DOS Executable (4.1%)
Tags peexe

VirusTotal metadata
First submission 2013-11-28 18:29:23 UTC ( 4 months, 2 weeks ago )
Last submission 2013-11-28 18:29:23 UTC ( 4 months, 2 weeks ago )
File names DECRYPTED
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No VirusTotal Community comments or votes on this item.
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Set keys
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import table above, so the call is either resolved at run time (LoadLibraryA and GetProcAddress are imported) or issued by a child process or a system DLL on the sample's behalf; the import list alone would not have revealed it.
DNS requests
UDP communications